91b72d5511725cd28de324e74a4f81b3a9f5b04a916ee23aac3d4b3c51d1471d

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eabdf3e9cf82fd74e8929440ea4f57bc_JaffaCakes118.pdf
Size

80KB
MD5

eabdf3e9cf82fd74e8929440ea4f57bc
SHA1

7afd5de05bc0fdae88e2953d51173613d980382e
SHA256

91b72d5511725cd28de324e74a4f81b3a9f5b04a916ee23aac3d4b3c51d1471d
SHA512

d09f06ff09ca705c1381a27d4becdd3f6aafaf27f48d146ed91906d56e57decf5f8255175439f5776dbce3fb820049ca636f1f4e5ba3670beafcddff41e7786b
SSDEEP

1536:ssdFIF8hL6i2I8zKPFrDr36YHz1xjDJdtweuXM4133Fg4uPbYnUtZWbpONiWvrmz:VvZpUKVDjLHzvJbjuc4vzujCUtbNtiey

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2824	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2824	AcroRd32.exe
2824	AcroRd32.exe
2824	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\eabdf3e9cf82fd74e8929440ea4f57bc_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
ca461c4a8762aec61cb85d067cd03d46

SHA1
b10fcb48a0e970862f5f0999215710219fab1546

SHA256
93bc82e82ae6af6f05a7a16ffea88aa5b625c0e7da77a46f8e43309961f7390c

SHA512
c308761457279bef23abb24788e58d3efab16eeca57f7dab17c56ff8c4f74bc5585f5ed13f5d8a575a57c1d62c9741c407a80d6e38314af1cd643d2dfd9ae86f

Download Submit